From 599364b264eff504a01a3edc9bd08f2d70c2ff7c Mon Sep 17 00:00:00 2001
From: Paul Richards
Date: Sat, 1 Nov 2014 20:10:41 +0000
Subject: [PATCH] Do not pass raw user data to unserialize

Filters were moved to TOKEN api, so the code in current_user_api to handle ?filter= on URL query strings is a left over from this move and is no longer necessary.

This issue was reported by Matthias Karlsson (http://mathiaskarlsson.me) as part of Offensive Security's bug bounty program [1].

Fixes #17875

[1] http://www.offensive-security.com/bug-bounty-program/

Signed-off-by: Damien Regad
---
 core/current_user_api.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/core/current_user_api.php b/core/current_user_api.php
index 482cc734f2..596b87c317 100644
--- a/core/current_user_api.php
+++ b/core/current_user_api.php
@@ -203,7 +203,7 @@ function current_user_get_bug_filter( $p_project_id = null ) {
 $t_filter = unserialize( $t_token );
 }
 } else {
- $t_filter = unserialize( $f_filter_string );
+ return false;
 }
 } else if( !filter_is_cookie_valid() ) {
 return false;
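Review bot: The new `return false;` rejects a non-numeric `?filter=` value silently, and nothing on that line records why, so a later maintainer could reintroduce the removed `unserialize( $f_filter_string )` without realising it was the reported vulnerability. Add a comment above the return, e.g. `// Never unserialize() a filter taken from the request (#17875); filters are resolved through the TOKEN api only.` The surviving `unserialize( $t_token )` two lines above the change is still a deserialisation of stored data, so the same comment should state that `$t_token` must only ever originate from the token store and never from request parameters; how `$t_token` is obtained is not visible in this hunk, so that assumption needs confirming against the lines above it. current_user_get_bug_filter begins and ends outside the hunk.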